7 Best Reverse Engineering Courses for 2024
Here is a guide with the best online courses to learn Software Reverse Engineering (SRE), a valuable tool for malware analysts, security researchers, and forensics investigators.
Software reverse engineering (SRE) is the practice of analyzing a software system to extract design patterns and implementation information. This involves studying the program’s code (usually a low-level assembly or bytecode) to understand its behavior and functions.
If you are looking for the best online courses to learn Software Reverse Engineering (SRE), I’ve made this Best Courses Guide (BCG) with my top picks.
Click on the shortcuts for more details:
- Top Picks
- What is (Software) Reverse Engineering?
- Why You Should Trust Us
- Courses Overview
- How We Made Our Picks and Tested Them
Here are our top picks
Click to skip to the course details:
What is (Software) Reverse Engineering?
Reverse engineering is the process of taking an object apart and understanding its design and functionality to understand how it works and potentially recreate it or create something similar. This technique has been used throughout history to understand the technology (especially military) of others, from the Ancient Egyptians capturing and incorporating fearsome Assyrian chariots into their own army, to more recent examples when the Soviets reversed engineered American planes and vice versa.
In the information age, a new form of reverse engineering has emerged: Software Reverse Engineering (SRE). Instead of physical technology, digital technology can be taken apart and analyzed for information. This involves studying the program’s code and internal operations to understand its behavior and functions. Often, only the compiled machine code or bytecode is available, making it a challenge to translate low-level abstractions back into higher-level concepts.
SRE is a valuable tool for malware analysts and security researchers. They can use it to create patches and fix bugs in existing software. Analysts can even turn the tool against hackers and find vulnerabilities in malware.
If you’re interested in working in the cybersecurity field, or if you’re curious about how some piece of software works under the hood (but don’t violate any licensing agreements), learning SRE can be a useful skill to have.
Why You Should Trust Us
Class Central, a Tripadvisor for online education, has helped 60 million learners find their next course. We’ve been combing through online education for more than a decade to aggregate a catalog of 200,000 online courses and 200,000 reviews written by our users. And we’re online learners ourselves: combined, the Class Central team has completed over 400 online courses, including online degrees.
Courses Overview
- 5.7K learners are following the Reverse Engineering Courses on Class Central
- All of the courses are free or have free trial, except for two
- All of the courses expect some familiarity with programming.
Best Free Ghidra Course for Beginners (Hackaday)
Introduction to Reverse Engineering with Ghidra on Hackaday is a free course that will teach you how to reverse engineer software using Ghidra, a free software reverse engineering tool developed by the NSA.
By the end of the course, you’ll have a good understanding of x86_64 architecture for Linux and be able to use different methodologies and approaches when reverse engineering an unknown program.
To take this course, you’ll need experience with C programming and Assembly language.
What you’ll learn:
- Understand how software is built and compiled, from high-level languages to machine code
- Use Ghidra to disassemble compiled bytecode and reconstruct x86 assembly-level instructions
- Translate common C constructs (control flow, loops, variables, functions, etc.) into assembly code
- Compare various reverse engineering tools and their pros/cons
- Patch binaries to modify compiled program behavior
- Explore OS concepts such as system calls
- Master advanced features: loading external libraries, performing patch analysis and diffing, generating checksums.
| Provider | Hackaday |
| Instructors | Matthew Alt |
| Level | Beginner |
| Workload | 4 hours |
| Views | 80K |
| Exercises | Practice exercises with solutions |
| Certificate | None |
Best Free Text Based Course With Hands-on Labs With Trusted Industry Leader (Malware Unicorn)
Reverse Engineering 101 hosted by Malware Unicorn is a free hands-on workshop that will teach you the fundamentals of reverse engineering x86 Windows malware. You’ll set up your own malware analysis environment and learn about operating systems and assembly concepts. You’ll also get to analyze malware hands-on using triage, static, and dynamic analysis.
To take this course, you’ll need at least 8 GB of RAM, 40 GB of storage, and an internet connection.
What you’ll learn:
- Set up a safe malware analysis environment using VirtualBox
- Understand key operating system and assembly concepts
- Study the anatomy of a typical Portable Executable Windows Program
- Dissect C-compiled assembly code
- Explore various types of malware and their attack flows
- Learn how malware infiltrates and hides in systems
- Use popular Reverse Engineering tools like disassemblers and debuggers
- Perform hands-on malware analysis using common methodologies:
- Gather initial information about malware origins
- Conduct triage analysis to identify malware characteristics
- Execute static analysis to examine code without running the malware
- Perform dynamic analysis to understand hidden functionality and behavior.
| Provider | Malware Unicorn |
| Instructor | Amanda Rousseau |
| Level | Beginner |
| Workload | 4–5 hours |
| Exercises | Lab exercises |
| Certificate | None |
Best Free Text and Exercise Based Intro to Windows SRE Using IDA (TryHackMe)
This free hands-on course introduces students to reverse engineering software on Windows. You’ll cover high-level concepts at a lower level and also be introduced to IDA, a popular reverse engineering tool, through the virtual machine provided (or on your own machine, if you’d like).
By the end of the Windows Reversing Intro lab on TryHackMe, you’ll be able to perform more advanced reverse engineering techniques.
What you’ll learn:
- Master key IDA functionalities:
- Disassembling
- Decompiling
- Debugging
- Understand functions and their stack frames:
- Analyze how functions and loops appear in assembly language
- Exploit frame pushing and popping to modify programs
- Identify common data structures in assembly code:
- Stacks
- Arrays
- Classes (in object-oriented Windows environment)
- Unmangle garbled C++ function names when reading DLLs.
| Provider | TryHackMe |
| Level | Beginner |
| Workload | N/A |
| Enrollments | 2.3K |
| Likes | 140 |
| Exercises | 8 tasks on virtual machine |
| Certificate | None |
Free Gitbook Collection Of Text Based Courses on X86, Arm32, X64, Arm64 SRE (Kevin Thomas)
Reverse Engineering For Everyone! is a free comprehensive reverse engineering tutorial covering x86, x64, 32-bit ARM & 64-bit ARM architectures. Yes, all of them!
These tutorials will carry you from nothing up to the mid-basics of reverse engineering.
No prior knowledge of reverse engineering is needed to take this course.
In this course, you will learn:
- x86 and x64 architectures tutorials:
- You’ll learn about processor architectures, including registers and memory management. You’ll also learn assembly language and take a careful look at stacks and heaps. With this knowledge, you’ll be equipped with reversing engineering knowledge to identify malware with static and dynamic analysis, and then debug and reverse engineer them
- Specifically for the x64 course, you’ll learn how the boot sector works and how it can be exploited, as well as look at various C programs translated into assembly code
- 32-bit and 64-bit ARM architectures tutorials:
- You’ll learn the ARM-32 bit architecture. You’ll take a look at the Von Neumann architecture, the instruction pipeline, as well as the registers involved. You’ll also write very basic C++ programs and then reverse them one at a time into ARM instructions. Then, you’ll learn how to debug and override these instructions.
Here is the GitHub repository of the course and the Discord server to meet other reverse engineers.
| Provider | GitHub |
| Instructor | Kevin Thomas |
| Level | Beginner |
| Workload | N/A |
| Exercises | Code examples on VM and projects |
| Certificate | None |
Best Reverse Engineering Malware Course (Cybrary)
Intro to Malware Analysis and Reverse Engineering on Cybrary will give you the knowledge and skills needed to combat malware targeted towards organizations. It is designed for beginners in information technology to help prepare for the Certified Ethical Hacker (CEH) exam.
You’ll analyze and understand common malware tactics using reverse engineering, and then learn how to identify, isolate, and defend against these threats using malware analysis and reverse engineering tools.
No prior experience with programming or knowledge of assembly is required to take this course with free limited access. But, it is recommended that you have a general understanding of Networking, Operating System Internals, Programming, and Hacking.
What you’ll learn:
- Understand the limitations of antivirus software and the importance of malware analysis
- Set up a malware analysis lab:
- Configure a Windows XP Virtual Machine
- Funnel traffic to a Kali Linux VM
- Perform dynamic analysis:
- Identify different types of malware in real-time
- Assess potential risks and impacts
- Recognize indicators of compromise in a system
- Execute basic static analysis:
- Analyze code and functionality without executing malware
- Debug and disassemble malware samples
- Implement a hybrid approach combining dynamic and static analysis
- Understand and deal with packers:
- Learn how malware uses compression and encryption to evade detection
- Identify malware disguised as legitimate software
- Master advanced techniques to bypass malware defenses:
- Counter anti-VM measures
- Overcome anti-disassembly tactics
- Bypass other advanced malware protection mechanisms.
| Provider | Cybrary |
| Instructor | Sean Pierce |
| Level | Advanced |
| Workload | 9–10 hours |
| Exercises | Hands-on lab |
| Certificate | Paid |
Best Reverse Engineering Malware Course With IDA Pro (Pluralsight)
Security for Hackers and Developers: Reverse Engineering is another course on Pluralsight that teaches you how to reverse engineer programs (including malware) through hands-on demos with IDA and Binary Ninja, both popular tools among reverse engineers. By the end of the paid course with free trial, you’ll know how to reverse engineer C and C++ programs with confidence.
What you’ll learn:
- Set up and master IDA Pro:
- Understand its key functions
- Use IDA Pro to find hidden passwords in applications
- Comprehend x86 assembly code:
- Study the lowest level of code abstraction
- Learn assembly calling conventions
- Analyze compiled programs:
- Examine assembly code generated from C and C++ programs
- Compare high-level C code with its corresponding assembly
- Perform binary patching:
- Fix security vulnerabilities in compiled programs
- Customize IDA Pro:
- Write scripts to enhance efficiency and productivity.
| Provider | Pluralsight |
| Instructor | Jared DeMott |
| Level | Intermediate |
| Workload | 2–3 hours |
| Rating | 4.0 / 5.0 (55) |
| Exercises | Labs and demos |
| Certificate | Paid |
Best 32 Bit Linux SRE and Malware Analysis Course (PentesterAcademy)
PenTesterAcademy’s Reverse Engineering Linux 32-bit Applications course provides a comprehensive overview of reverse engineering Linux 32-bit applications.
By the end of this paid course, you’ll become familiar with how Linux applications work and their common flaws, how to locate these flaws manually or automatically with common reversing tools such as debuggers, fuzzers, Python scripts, and other scripting tools.
What You’ll Learn:
- Master key concepts and tools for reverse engineering Linux 32-bit applications:
- Set up a safe virtualized testing environment
- Use IDA Pro, freeware Linux debuggers, scripting tools, decompilers, and fuzzers
- Understand 32-bit Intel Assembly:
- Learn basics of assembly language
- Study Linux calling conventions
- Identify and exploit common security flaws:
- Stack overflows
- Heap overflows
- Section overflows
- First string flaws
- Kernel flaws
- Automate reverse engineering tasks:
- Utilize Python and shell scripting for increased productivity
- Explore advanced concepts:
- Shellcoding techniques
- Using Metasploit for exploit modules.
| Provider | PentesterAcademy |
| Instructor | Philip Polstra |
| Level | Beginner |
| Workload | N/A |
| Certificate | None |
How We Made Our Picks and Tested Them
I built this article following the now tried-and-tested methodology used in previous Best Courses Guides (you can find them all here). It involves a three-step process:
- Research: I started by leveraging Class Central’s database with 200K online courses and 200K+ reviews. Then, I made a preliminary selection of 500+ Reverse Engineering courses by rating, reviews, and bookmarks.
- Evaluate: I read through reviews on Class Central, Reddit, and course providers to understand what other learners thought about each course and combined it with my own experience as a learner.
- Select: Well-made courses were picked if they presented valuable, engaging content and fit in a set of criteria: comprehensive curriculum, affordability, release date, ratings and enrollments.
Fabio revised the research and the latest version of this article.
Elham Nazif
